STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must enable the vSAN Health Check.

DISA Rule

SV-243109r719570_rule

Vulnerability Number

V-243109

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000053

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> Services.

Click "Edit" next to "Health Service".

Click the slider to "Turn On Periodical Health Check" and configure the time interval as necessary (default is 60 minutes).

Check Contents

If no clusters are enabled for vSAN, this is not applicable.

From the vSphere Client, go to Hosts and Clusters.

Select a vSAN Enabled Cluster >> Configure >> vSAN >> Services >> Health Service.

Review the "Health Service Status" and verify that it is set to "Enabled".

If vSAN is enabled and the vSAN Health Service is disabled, this is a finding.

Vulnerability Number

V-243109

Documentable

False

Rule Version

VCTR-67-000053

Severity Override Guidance

If no clusters are enabled for vSAN, this is not applicable.

From the vSphere Client, go to Hosts and Clusters.

Select a vSAN Enabled Cluster >> Configure >> vSAN >> Services >> Health Service.

Review the "Health Service Status" and verify that it is set to "Enabled".

If vSAN is enabled and the vSAN Health Service is disabled, this is a finding.

Check Content Reference

M

Target Key

5399

Comments